发明名称 |
Relationship-based authorization |
摘要 |
Methods and apparatus, including computer program products, related to relationship-based authorization. In general, data characterizing a request for authorization to a computer-based resource is received, and the authorization may be provided based on one or more relationships of a requesting principal. A determination may be made as to whether a requesting principal is authorized, which may include determining whether the requesting user has a relationship with a principal that has management rights of the computer-based resource and determining whether the relationship allows for an access, such as a use of the computer-based resource, if the requesting principal has a relationship with the other principal. If there is no such relationship, a determination may be made as to whether an organization of the requesting principal has a relationship with the other principal that allows for the access. |
申请公布号 |
US9325692(B2) |
申请公布日期 |
2016.04.26 |
申请号 |
US201414444142 |
申请日期 |
2014.07.28 |
申请人 |
Medox Technologies, Inc. |
发明人 |
Beck Michael |
分类号 |
H04L29/06;G06F19/00;G06F21/33;G06F21/62;G06Q50/22;G06Q50/24;G06F21/31 |
主分类号 |
H04L29/06 |
代理机构 |
Mintz Levin Cohn Ferris Glovsky and Popeo, P.C. |
代理人 |
Mintz Levin Cohn Ferris Glovsky and Popeo, P.C. |
主权项 |
1. A non-transitory computer program product, tangibly embodied in a computer-readable media, the computer program product comprising instructions to cause data processing apparatus to perform operations comprising:
receiving data characterizing a request for authorization to access a computer-based resource by a principal; determining whether the requesting principal is authorized for the access to the computer-based resource, the determining occurring using a relationship repository comprising one or more data structures containing relationships, the data structures being separate and non-referential from the computer-based resource, the determining comprising: determining whether the requesting principal has an implicit relationship with a principal that has management rights of access to the computer-based resource, the implicit relationship implied by attributes of another relationship and determined based on an action of the requesting principle; determining whether the implicit relationship allows for the access to the computer-based resource; and providing authorization for the requesting principal to the computer-based resource. |
地址 |
|